Add in permissions for reactions

2013-11-15 14:48:39 -06:00 · 2013-11-15 14:48:39 -06:00 · be0a59d52f
commit be0a59d52f
parent e123468009
3 changed files with 23 additions and 12 deletions
--- a/controllers/class.reactcontroller.php
+++ b/controllers/class.reactcontroller.php
@ -44,13 +44,17 @@ class ReactController extends Gdn_Controller {
   * tell you!
   */
  public function Discussion($DiscussionID, $ActionID) {
-    // check to see if allowed to react
-    $this->Permission('Plugins.Reactions.Add');
+    $Action = $this->ActionModel->GetAction($ActionID);
    
-    if(!$this->ActionModel->ActionExists($ActionID)) {
+    // Make sure the action exists and the user is allowed to react    
+    if(!$Action) {
      throw new Gdn_UserException('Invalid Action');
    }
    
+    if(!Gdn::Session()->CheckPermission($Action->Permission)) {
+      throw PermissionException();
+    }
+    
    $DiscussionModel = new DiscussionModel();
    $Discussion = $DiscussionModel->GetID($DiscussionID);
    
@ -85,13 +89,17 @@ class ReactController extends Gdn_Controller {
   * tell you!
   */
  public function Comment($CommentID, $ActionID) {
-    // check to see if allowed to react
-    $this->Permission('Plugins.Reactions.Add');
+    $Action = $this->ActionModel->GetAction($ActionID);
    
-    if(!$this->ActionModel->ActionExists($ActionID)) {
+    // Make sure the action exists and the user is allowed to react    
+    if(!$Action) {
      throw new Gdn_UserException('Invalid Action');
    }
    
+    if(!Gdn::Session()->CheckPermission($Action->Permission)) {
+      throw PermissionException();
+    }
+    
    $CommentModel = new CommentModel();
    $Comment = $CommentModel->GetID($CommentID);
    
@ -126,17 +134,20 @@ class ReactController extends Gdn_Controller {
   * tell you!
   */
  public function Activity($ActivityID, $ActionID) {
-    // check to see if allowed to react
-    $this->Permission('Plugins.Reactions.Add');
+    $Action = $this->ActionModel->GetAction($ActionID);
    
-    if(!$this->ActionModel->ActionExists($ActionID)) {
+    // Make sure the action exists and the user is allowed to react    
+    if(!$Action) {
      throw new Gdn_UserException('Invalid Action');
    }
    
+    if(!Gdn::Session()->CheckPermission($Action->Permission)) {
+      throw PermissionException();
+    }
+    
    $ActivityModel = new ActivityModel();
    $Activity = $ActivityModel->GetID($ActivityID);
-//    decho($Activity);
-//    die();
+
    if($Activity) {
      $Anchor = '#Activity_' . $ActivityID . ' .ReactMenu';
    }
--- a/models/class.reactionmodel.php
+++ b/models/class.reactionmodel.php
@ -151,7 +151,6 @@ class ReactionModel extends Gdn_Model {
   * 
   * Events: AfterReactionSave
   * 
-   * @todo Add points to the parent score column on discussions and comments
   * @param int $ID
   * @param enum $Type activity, comment, discussion
   * @param int $AuthorID
--- a/settings/structure.php
+++ b/settings/structure.php
@ -32,6 +32,7 @@ $Construct->Table('Action')
        ->Column('Tooltip', 'varchar(255)')
        ->Column('CssClass', 'varchar(255)')
        ->Column('AwardValue', 'int', 1)
+        ->Column('Permission', 'varchar(255)', 'Yaga.Reactions.Add')
        ->Column('Sort', 'int', TRUE)
        ->Set($Explicit, $Drop);